Ticket #367 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

Security: GetFdoCachInfo exposes plain text passwords alongside user Ids

Reported by: stevedang Owned by: stevedang
Priority: medium Milestone: 2.0
Component: Server Version: 2.0.0
Severity: major Keywords:
Cc: External ID: 1010319

Description

Using the Web Tier test pages the GetFdoCachInfo? page exposes plain test passwords alongside their corresponding user id for database connections. For security reasons we should remove the password from the results.

Change History

Changed 4 years ago by stevedang

  • status changed from new to assigned

Changed 4 years ago by stevedang

  • status changed from assigned to closed
  • resolution set to fixed

Fixed by submission < http://trac.osgeo.org/mapguide/changeset/2573>

Note: See TracTickets for help on using tickets.